Create a hard link to a vnode from the kernel
Hello,

I am writing a solution that intercepts file deletion and securely deletes it by wiping file contents according to user configuration. Currently I plan to achieve this by having a kauth kext that intercepts KAUTH_VNODE_DELETE and a user space daemon that does the actual wiping.

Somewhere, either in the kext or in the user space daemon, I want to create a new hard link to the to-be-deleted vnode in a special folder for each mount point, queue this file for wiping using this new link, and return from the kauth callback. I can think of creating a new hard link either in the kernel (directly in the kauth callback) or by notifying my user space daemon and blocking until it creates the link (otherwise there is a race condition between vnode deletion in the kernel and the link call from the user space daemon).

In the first case (create a hard link from the kernel) I can't seem to figure out how to do this because VNOP_LINK is private, and probably for good reason.

In the second case (notifying the user space daemon) I need to synchronize properly, i.e. to wait until the user space daemon creates a new hard link and then exit from the kauth callback, which is not that good since I need to share some kind of a semaphore and actually block the kernel waiting for a user space event to occur.

I would prefer creating a hard link from the kernel, but my question is: is it possible in the first case, and if not, what would be a better workaround?

Thanks
Evgeny
Participants (1): Evgeny Yakovlev
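The user-space half of the second option described in the post, as an added example that is not part of the original message: a daemon-side routine that hard-links the file into the per-mount-point folder and confirms it pinned the inode the kext reported. The names `pin_for_wipe`, `holddir` and `want_ino` are hypothetical, and it assumes the kext hands the daemon the file's path and inode number.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical daemon helper (added example, not code from the post).
 * Pins the file at `victim` by hard-linking it into `holddir`, the special
 * folder on the same mount point. `want_ino` is the inode number the kext is
 * assumed to report. On success returns 0 and writes the new link path to
 * `out`. On failure returns -1 with errno set:
 *   ENOENT  the name was already removed (the race the post describes)
 *   EXDEV   holddir is on a different volume; hard links cannot cross volumes
 *   ESTALE  the path no longer names the inode that was reported
 */
int pin_for_wipe(const char *victim, const char *holddir, ino_t want_ino,
                 char *out, size_t outlen)
{
    struct stat vs, ds, ls;

    if (lstat(victim, &vs) != 0)
        return -1;
    if (!S_ISREG(vs.st_mode)) { errno = EINVAL; return -1; }
    if (vs.st_ino != want_ino) { errno = ESTALE; return -1; }
    if (stat(holddir, &ds) != 0)
        return -1;
    if (vs.st_dev != ds.st_dev) { errno = EXDEV; return -1; }

    /* Inode numbers are unique within a volume, so use one as the link name. */
    int n = snprintf(out, outlen, "%s/%llu", holddir,
                     (unsigned long long)want_ino);
    if (n < 0 || (size_t)n >= outlen) { errno = ENAMETOOLONG; return -1; }

    if (link(victim, out) != 0)
        return -1;

    /* The path may have been replaced between lstat() and link(), so check
     * the inode again through the new name before queueing it for wiping. */
    if (lstat(out, &ls) != 0)
        return -1;
    if (ls.st_ino != want_ino || ls.st_dev != vs.st_dev) {
        unlink(out);
        errno = ESTALE;
        return -1;
    }
    return 0;
}
```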